With the trialogues on the draft EU AI Act entering what is probably their final phase and the idea that procuring AI cannot be done lightly spreading, organizations are often confronted with hard choices, including on how to source AI responsibly and protect against liabilities with an uncertain developing legal framework. Contractual language is one answer, but what was done in the field had no authoritative referential to benchmark against. That has now changed, with the renewed proposal for standard EU model contractual AI clauses when procuring AI, released early October by a multi-stakeholder group within the European Commission.

What Are the Model Clauses?

Two templates have been developed that use the risk classification of the draft EU AI Act as a marker. One set is developed for non-high-risk (and non-prohibited) AI uses (AI Clauses Light Version). The other one is for high-risk (and non-prohibited) AI systems (AI Clauses High-Risk Version, together with the AI Clauses Light Version, the “Clauses”). The Clauses are due to work as schedules from an existing contractual agreement; they are not standalone. They are available here.

The Clauses contain provisions setting (i) essential requirements that an AI system must meet before its delivery, such as the implementation of appropriate risk management systems by the supplier, the implementation of data governance models in connection with the datasets used for training the AI system and compliance with ethical standards; (ii) obligations for the supplier, such as the implementation of quality management systems to ensure compliance with the provisions set in the Clauses; and (iii) stipulations on the use of the data sets by the acquiring company/public authority, the supplier and third parties.

The Clauses include several annexes aiming at providing details on (i) the AI System and its intended purpose; (ii) the description of the data sets used; (iii) the technical documentation requirements; (iv) the instructions for use; and (v) the measures adopted to ensure that the AI system complies with ethical standards.

The AI Clauses High-Risk Version includes additional obligations for the supplier, such as carrying out a conformity assessment to ensure compliance with the provisions of the Clauses prior to delivery, the implementation of corrective actions in case of non-compliance and the need to cooperate in audits. The supplier’s liability in the event of claims by third parties is also addressed.

What They Are Not?

The Clauses only contain provisions specific to AI systems, addressing items relevant under the (upcoming) EU AI Act. They exclude obligations or requirements that may arise under other applicable legislations, such as GDPR. The Clauses do not aim to provide a comprehensive set of prescriptive drafting; they put on the contracting parties the responsibility to assess the adequacy and proportionality of each section and to customize them further, based on the specific context.

Further, and as a matter of their initial scope, the Clauses are initially solely meant to address issues faced by public authorities procuring AI systems.

How Are the Clauses Relevant for Businesses?

Although these EU Model Contractual clauses are aimed at public organizations, they are useful outside of public authorities. They can serve as a good basis for private organizations to benchmark against the contractual provisions that were developed internally until now.

The Clauses reinforce the need for organizations to set innovation-oriented procurement procedures and focus throughout the procurement process on mechanisms for ensuring accountability and transparency of the solutions provided by their AI providers. Their adoption is fully voluntary.

Relying on the Clauses will only be one facet to tackle the many and complex challenges inherent in the sourcing of AI technology, in a quickly evolving regulatory landscape. At a minimum, you can now see whether the work you have done so far is going into the right direction.